From 7cab3a3c3a439a221d125654e1d9302ad949aed6 Mon Sep 17 00:00:00 2001 From: Amaury Denoyelle Date: Fri, 22 May 2026 15:49:44 +0200 Subject: [PATCH] BUG/MINOR: quic: fix ODCID lookup from derived value In haproxy, when an Initial packet is received, a new connection may be created and a DCID must be attributed. This CID is derived from the original DCID used by the client in its first packet. This is an optimization to avoid storing two CIDs values in the CID tree. On CID lookup, if the DCID used is not found, derivation is performed again. This should permit to retrieve the DCID node. However, this operation is not performed as expected in quic_get_cid_tid(), as the wrong value is used on the second lookup. Fix this function by using derive CID for it. Note that retrieve_qc_conn_from_cid() performs the same lookup but the bug was not present there. The impact of this bug is relatively low as most clients send a single Initial packet. Even in case of multiple packets in a single datagram, this does not cause any issue as the current thread is assigned as default. This should be backported up to 2.8. --- src/quic_cid.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/quic_cid.c b/src/quic_cid.c index 6bd475af7..13bc280c2 100644 --- a/src/quic_cid.c +++ b/src/quic_cid.c @@ -378,7 +378,7 @@ int quic_get_cid_tid(const unsigned char *cid, size_t cid_len, tree = &quic_fe_cid_trees[quic_cid_tree_idx(&derive_cid)]; HA_RWLOCK_RDLOCK(QC_CID_LOCK, &tree->lock); - node = ebmb_lookup(&tree->root, cid, cid_len); + node = ebmb_lookup(&tree->root, derive_cid.data, derive_cid.len); if (node) { conn_id = ebmb_entry(node, struct quic_connection_id, node); cid_tid = HA_ATOMIC_LOAD(&conn_id->tid);
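Review bot: The corrected `ebmb_lookup()` call in quic_get_cid_tid() has no comment saying that this second lookup is the fallback on the derived CID, which is how the tree chosen by `quic_cid_tree_idx(&derive_cid)` and the key passed to the lookup fell out of step in the first place. A one-line comment above the call stating that both the tree index and the key must come from `derive_cid` would make the invariant visible. The commit message notes that retrieve_qc_conn_from_cid() performs the same lookup and was not affected, so the derive-then-lookup sequence exists in two places; moving it into one shared helper used by both functions would keep the two copies from diverging again. Since the backport target is 2.8, it is also worth confirming that the older branches have `derive_cid` in scope at this point with the same `.data` and `.len` fields, as the hunk only shows the current tree.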